CVE-2008-5744 - Array index error in the dahdi/tor2.c driver in Zaptel (aka DAHDI) 1.4.11 and earlier allows local u

CVE-2008-5744

Summary

Array index error in the dahdi/tor2.c driver in Zaptel (aka DAHDI) 1.4.11 and earlier allows local users in the dialout group to overwrite an integer value in kernel memory by writing to /dev/zap/ctl, related to an incorrect tor2 patch for CVE-2008-5396 that uses the wrong variable in a range check against the value of lc->sync.

References

Vulnerable Configurations

cpe:2.3:a:asterisk:zaptel:1.2:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:zaptel:1.2:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:zaptel:1.2.27:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:zaptel:1.2.27:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:zaptel:1.4:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:zaptel:1.4:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:zaptel:*:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:zaptel:*:*:*:*:*:*:*:*

CVSS

Base:	7.2 (as of 08-08-2017 - 01:33)
Impact:
Exploitability:

CWE

CWE-189

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	LOW	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:L/AC:L/Au:N/C:C/I:C/A:C

refmap via4

confirm	http://bugs.digium.com/view.php?id=13954#96700 http://svn.digium.com/view/dahdi?view=rev&revision=5590 https://bugzilla.redhat.com/show_bug.cgi?id=475446#c4
mlist	[oss-security] 20081219 CVE Request - Incomplete dahdi/zaptel tor2.c patch for CVE-2008-5396
secunia	32960
xf	zaptel-tor2-memory-overwrite(47666)

Last major update

08-08-2017 - 01:33

Published

26-12-2008 - 21:30

Last modified

08-08-2017 - 01:33